No HIPAA Penalties for Good Faith Use of Telehealth During COVID-19 Epidemic
The U.S. Department of Health and Human Services (“HHS”) announced it will use its discretion to not impose penalties for good faith use of telehealth during the COVID-19 epidemic. HIPAA is still in effect, but this announcement is welcome news for employers, individuals and health care providers during what the government is describing as a national public health emergency.
What does the announcement cover?
The Office of Civil Rights (“OCR”), the division of HHS tasked with enforcing HIPAA, stated it will not bring penalties for good faith use of telehealth during the COVID-19 epidemic. Good faith use is described as non-public facing means of audio or video communication. Examples provided include Apple’s FaceTime, Google Hangouts, Facebook’s Messenger and Skype.
Does the announcement cover only care related to COVID-19?
No. It covers all physical and mental health care during the COVID-19 epidemic. Any health care can be provided through the good faith use of telehealth, whether or not it is about COVID-19.
What does the announcement not cover?
Two key things. One, public facing means of audio or video communication are not considered good faith use of telehealth. This includes, at the least, Facebook Live, Twitch and TikTok. Similar apps, software and services should also not be used to provide telehealth. Two, all other aspects of HIPAA are still in effect. No indication was provided that other HIPAA violations would be covered by this announcement.
As a health care provider, what does this announcement mean?
It means you can use telehealth to see patients, even if in other circumstances, HIPAA may prohibit you from doing so. This will help speed up the use of telehealth during the COVID-19 epidemic by providing you with additional means of providing telehealth that are quicker and often less expensive to set up and utilize, both for you and your patients. It also provides an opportunity for health care providers to, in some circumstances, assess non-emergency patients and those who are not showing signs of COVID-19 without exposing those individuals to medical facilities where COVID-19 may be present.
As an employer or individual, what does this announcement mean?
Where an employer’s health plan covers telehealth, consider reminding employees about its availability. If you are not sure if your health plan permits the use of telehealth, contact your plan administrator or insurance provider. For individuals, this is another opportunity to avoid areas that could put you at risk to exposure to COVID-19. It also saves time (you do not need to travel) and likely money because telehealth is often provided at a reduced rate to in person care.
What is the effective date of the announcement?
It is immediately effective. No end date was provided.
Where can I find more information?
OCR and HHS have provided more information about HIPAA during the COVID-19 epidemic at: https://www.hhs.gov/sites/default/files/february-2020-hipaa-and-novel-coronavirus.pdf.
For more information about HIPAA, COVID-19 and the legal implications and options for your business contact your Clark Hill attorney or visit us at: https://www.clarkhill.com/pages/covid-19
2023 Cybersecurity and Data Privacy Laws Summit: Chicago
Join us for our inaugural, in-person program, where legal, in-house, and technical professionals will delve into the latest cyber and privacy topics and trends.
Legal, Tax and Infrastructure Requirements for Fleet EV Charging
Organizations that currently own or intend to acquire electric vehicles can gain insights into tax, legal, and infrastructure requirements by understanding best practices and common mistakes. The panel will also discuss new EV laws and charging technology.
For companies considering a full or partial transition to EV fleets, the webinar will discuss how to maximize tax rebates, determine optimal legal contracts, and identify funding opportunities. The presentation will also cover infrastructure considerations with regard to electrical and cyber requirements.